Reputation: 612
Docker registry acting as a proxy not pulling images
I set up a docker registry as a proxy as described here for my gitlab.com registry.
docker run -d -it --restart=always -p 5000:5000 --name docker-registry-proxy -v `pwd`/config.yml:/etc/docker/registry/config.yml registry
2020-02-10T17:11:52.833382682Z INFO[0000] redis not configured go.version=go1.11.2 instance.id=85522854-b09f-4a91-9dfa-325ad3d90683 service=registry version=v2.7.1
2020-02-10T17:11:52.833404378Z INFO[0000] Starting upload purge in 20m0s go.version=go1.11.2 instance.id=85522854-b09f-4a91-9dfa-325ad3d90683 service=registry version=v2.7.1
2020-02-10T17:11:52.842100541Z INFO[0000] using inmemory blob descriptor cache go.version=go1.11.2 instance.id=85522854-b09f-4a91-9dfa-325ad3d90683 service=registry version=v2.7.1
2020-02-10T17:11:52.842153163Z INFO[0000] Starting cached object TTL expiration scheduler... go.version=go1.11.2 instance.id=85522854-b09f-4a91-9dfa-325ad3d90683 service=registry version=v2.7.1
2020-02-10T17:11:53.254072787Z INFO[0000] Discovered token authentication URL: https://gitlab.com/jwt/auth go.version=go1.11.2 instance.id=85522854-b09f-4a91-9dfa-325ad3d90683
2020-02-10T17:11:53.254102605Z INFO[0000] Registry configured as a proxy cache to https://registry.gitlab.com/ go.version=go1.11.2 instance.id=85522854-b09f-4a91-9dfa-325ad3d90683 service=registry version=v2.7.1
2020-02-10T17:11:53.254110743Z WARN[0000] Registry does not implement RempositoryRemover. Will not be able to delete repos and tags go.version=go1.11.2 instance.id=85522854-b09f-4a91-9dfa-325ad3d90683 service=registry version=v2.7.1
2020-02-10T17:11:53.254356780Z INFO[0000] listening on [::]:5000 go.version=go1.11.2 instance.id=85522854-b09f-4a91-9dfa-325ad3d90683 service=registry version=v2.7.1
And when I run a docker pull registry.gitlab.com/path/to/my/image, my proxy registry does not receive any requests and does not update its cache.
If I run a docker pull nginx, in the registry logs, I see that the request returns 404. That's normal because nginx is not part of my registry.
But why nothing happens when I try to pull my own images?
If I run docker pull localhost:5000/path/to/my/image then, the registry is pulling image from registry.gitlab.com but as localhost:5000.
Upvotes: 3
Views: 1215
Answers (1)
Reputation: 865
Heads up! Sorry for necroposting, but as following generations could stumble upon this question from search, as I did, I'd like to post an answer anyway.
The key to the problem here is that docker client in its current state (docker 20.10, registry 2.8.1) does respect '--registry-mirror' setting only when pulling images without registry specification in refspec.
Otherwise speaking, when you try to docker pull localhost:5000/image:tag or registry.gitlab.com/image:tag it bypasses configured mirror and communicates directly with the URL you've specified.
So, when you ask it to pull from registry.gitlab.com/image:tag, the request hits your GitLab registry directly, without pull-through cache.
And when you ask it to pull from localhost:5000/image:tag, the request hits directly your cache, which is proxying the request to your GitLab registry, caching the result, but of course pulled image is tagged as if it was downloaded from 'localhost:5000'.
You may try to pull your image as image:tag, that way your request would go to the --registry-mirror, which is localhost:5000, and then proxied to GitLab and cached, but in that case pulled image would be tagged as just image:tag.
However, if your workflow insist on having image tagged as registry.gitlab.com/image:tag, e.g., for docker-compose.yml or whatever, you may use separate docker tag command to achieve that.
Example:
docker pull my_image:tag
docker tag my_image:tag registry.gitlab.com/my_image:tag
docker images
But in that setup whenever you'll need to update latest tag, the request again would go directly to registry.gitlab.com and your cache would not be updated.
I would recommend use https://github.com/rpardini/docker-registry-proxy for implementing smarter docker registry caching. It is a little more complicated for setup, however does not have deficiencies official registry distribution does.
Upvotes: 3
Related Questions
- 404 when executing docker push to gitlab-container-registry
- Unable to pull image from the Gitlab container registry
- Using docker registry of gitlab, which is installed as docker-container
- Local Gitlab Container Registry behind reverse proxy
- Unable to pull image via GitLab Dependency Proxy
- Gitlab CI cannot pull image from private docker registry
- Unable to push image to a docker registry configured as proxy cache
- Docker fails to push images to Google Cloud Registry
- Gitlab docker registry pull failed EOF
- setting gitlab with docker registry error 500